X-Scan

X-Scan is one of the well-known comprehensive scanners in China. It is completely free and is a green software that does not require installation. The interface supports both Chinese and English languages, including graphical interface and command line. Mainly from domestichousehold nameThe private hacker organization "Security Focus" was completed. From the internal beta version X-Scan V0.2 in 2000 to the current new version X-Scan 3.3-cn, it has gathered the efforts of many domestic hackers. The most noteworthy thing is that X-Scan connects the scan report to the security focus website, evaluates the "risk level" of each vulnerability scanned, and provides vulnerability descriptions and vulnerability overflow procedures to facilitate network administrators to test and patch vulnerabilities.

X-Scan scanner uses multi-threading to detect security vulnerabilities in specified IP address segments (or single machines). and version, standard port status and port BANNER information, CGI vulnerabilities, IIS vulnerabilities, RPC vulnerabilities, SQL-SERVER, FTP-SERVER, SMTP-SERVER, POP3-SERVER, NT-SERVER weak password users, NT server NETBIOS information, etc. The scan results are saved in the /log/ directory, and index_*.htm is the scan result index file. For some known vulnerabilities, we have provided corresponding vulnerability descriptions, exploits and solutions. Other vulnerability information is being further compiled and improved. You can also check relevant instructions through the "Security Literature" and "Vulnerability Engine" columns of the author's website. .

x-scan software screenshot (or written as xscan)

X-Scan Scanner Installation Instructions

The X-Scan provided by Huajun Software Park is the 3.3 Simplified Chinese version. Due to the special features of the software, there may be virus reporting. Please choose it by yourself. After decompression, run "xscan_gui.exe" directly to start.

Win7 cannot run X-scan solution

There is no problem with X-scan running on Your X-scan folder is not the system32 folder.

X-Scan scanner usage tutorial

1. Interface

The X-scan interface is shown in the figure below. It is roughly divided into three areas. The upper part of the interface is the menu bar, and the lower part of the interface is the status bar. If the software is in English, you can set the language to Chinese in the Language menu of the menu bar.

2. Parameter settings

Click the "Settings" menu and select "Scan Parameters" or directly click the blue button on the toolbar to enter the scan parameter settings.

1. Detection range: Set the IP to be scanned. You can set the detection range as an example, or obtain the host list from a file.

2. Global settings: used to set global scanning parameters, as follows:

Scan module: Set the modules that need to be scanned. For scanning a single device, you can select all modules. If you scan devices within a certain range, you can check the modules that need to be scanned as needed.

Concurrent scanning: Set the concurrency of scanning, the default is enough. If the machine performance is good and the bandwidth is sufficient, the concurrency can be increased appropriately.

Scan report: Set the name and type of scan report, etc.

Other settings: Set the detection mechanism for the target device, etc. If it is a single device, it is recommended to use an unconditional scan, because the test found that x scan is not very accurate in determining whether the host is alive.

3. Plug-in settings: Set related options for each plug-in

Port-related settings: Set port-related items. The ports to be detected can be any combination of ports. The detection method using TCP can improve the accuracy of x-scan, but it is easily blocked by the other party's firewall. The opposite is true for SYN. Identifying services based on responses, x-scan is able to determine which services are running based on responses, even if the port has been changed. Default well-known service ports, you can customize some ports as well-known service ports.

SNMP related settings: Set SNMP protocol detection items. It is recommended to select all.

NETBIOS related settings: Set the detected NETBIOS information, mainly for the detection of NETBIOS in Windows systems. It does not matter if you check it when testing a single non-Windows device.

Vulnerability detection script settings: Default is enough

CGI related settings: Set the scanning strategy of CGI (Public Gateway Interface), mainly for scanning web servers, usually by default.

Dictionary file settings: Set the dictionary used when scanning weak passwords. You can edit the dictionary to customize weak passwords.

3. Start scanning

After saving the configuration, click the start button on the toolbar to scan. The x-scan interface has detailed scan status. The scan time depends on the depth and breadth of the scan.

4. Scan results

After the scan is completed, x-scan will automatically pop up the scan results. The results will list the vulnerabilities and solution suggestions in detail. High-risk vulnerabilities will be marked in red fonts. As shown in the picture:

X-Scan Scanner Setup Instructions

Detection range "Specify IP range" - You can enter an independent IP address or domain name, or you can enter an IP range separated by "-" and ",", such as "192.168.0.1-20,192.168.1.10-192.168.1.254", or similar " 192.168.100.1/24” mask format. "Get host list from file" - Select this check box to read the host address to be detected from the file. The file format should be plain text. Each line can contain an independent IP or domain name, or it can contain "-" and " ," separated IP ranges.

Global Settings "Scan Module" item - Select the plug-in that needs to be loaded for this scan. "Concurrent Scan" item - Set the number of hosts and concurrent threads for concurrent scanning. You can also set the number of threads for each plug-in for each host individually. "Network Settings" item - Set the appropriate network adapter. If the network adapter cannot be found, please reinstall the WinPCap 3.1 beta4 or above version driver. "Scan Report" item - the name of the report file generated after the scan is completed and saved in the LOG directory. Scanning reports currently support three formats: TXT, HTML and XML.

Other settings "Skip unresponsive hosts" - If the target host does not respond to ICMP ECHO and TCP SYN messages, X-Scan will skip detecting the host. "Unconditional Scan" - As the title states "Skip hosts with no open ports detected" - If no open ports are found within the user-specified TCP port range, subsequent detection of the host will be skipped. "Use NMAP to determine the remote operating system" - X-Scan uses SNMP, NETBIOS and NMAP to comprehensively determine the remote operating system type. If NMAP makes frequent errors, this option can be turned off. "Show details" - mainly used for debugging, this option is not recommended for normal use. "Plug-in settings" module: This module contains individual settings for each plug-in, such as the port range settings of the "port scanning" plug-in, the username/password dictionary settings of each weak password plug-in, etc.

X-Scan Scanner FAQ

​ 1. If the WinPCap driver is not installed, can I use X-Scan to scan normally?

If the WinPCap driver is not installed on the system, X-Scan will automatically install WinPCap 3.1 after startup; if a higher version of WinPCap is already installed on the system, X-Scan will use the existing version.

2. What is the reason why the machine suddenly restarts with a blue screen during the scanning process?

It is possible that the system will blue screen during the scanning process. Firewall drivers such as AtGuard and Skynet may make errors when processing special packages, causing the system to crash. In addition, many firewall drivers also conflict with the WinPCap driver itself. It is recommended to disable or uninstall the firewall first. Try the program again.

3. What is the reason for incorrect operating system recognition?

Operating system identification cannot guarantee 100% accuracy. Currently, the fingerprint database of NMAP, P0F, NETBIOS information and SNMP information are integrated for identification. If the target machine does not open the NETBIOS and SNMP protocols, the TCP/IP stack fingerprint is not in the database. , the user needs to make a comprehensive analysis based on other information.

X-Scan scanner update log:

​ 1. Optimized some functions

​ 2. Solved many unbearable bugs